Compliance Audits: 10 Steps to Success

The cost of noncompliance and damage to reputation can be debilitating, but preventive measures save resources by eliminating the cost of noncompliance and damage to reputation.

Astute receivables leaders know how to identify issues and act on them before they become major problems—especially when it comes to compliance.

The cost of noncompliance and damage to reputation can be debilitating, but preventive measures save resources by eliminating the cost of noncompliance and damage to reputation, helping to create new business and maintain advantage over the competition. For this reason, ARM agencies should work diligently to prepare for potential compliance audits from the CFPB or other regulatory authorities who oversee their operations.

If they don't, the risk of fines, penalties and legal actions may mount to an untenable extent if they aren't avoided through mitigation actions.

Despite the warnings, many choose less favorable options, either ignoring the need for checks on their compliance tactics, hiring outside contractors who don't know their business, or simply absorbing the inevitable cost of noncompliance. Leaders take the proverbial bull by the horns, act immediately to avoid expenses and put their operations in a stronger position.

Immersing yourself in your own business and fearlessly seeking out issues that need correction brings your operation to heights you wouldn't think possible. Here are 10 key pieces you need to avoid botching your compliance audit:


Establishing a culture of compliance starts with communication, but relies on expectation of integrity and accountability. Your organization needs published values and a code of ethics. Write them down, distribute them, evangelize them at company meetings and reward those who follow.


Take a good, hard look at your agency and learn where it stands with regard to compliance. Learn the regulations that apply to you, in detail, and gain a full understanding of the ramifications of not following them. Find out where the gaps and vulnerabilities lie. Be honest with yourself and your team.


When it comes time to actually conduct your audit, don't leave it to run itself—orchestrate and control it. Be proactive, make a plan and get ahead of possible issues before they become threats. Prepare participants who will meet with auditors and know your evidence: Documents and records.


Make all stakeholders aware of compliance expectations. Communicate them to your board of directors and executive leadership. Educate everyone in your organization about the policies, procedures, laws and regulations as you work to ensure understanding and buy-in.


Audit methods may involve interviews, inspections, observation, testing and sampling. So take some time to determine the audit's scope and criteria, select participants, set expectations and provide reference criteria to specific requirements.

A System

Establish a formal compliance management system to identify, prevent and correct compliance breakdowns. Empower leaders within your organization for key roles and responsibilities, and document your policies and procedures. These practices should strengthen your ability to identify and manage compliance violations, and identify, analyze and mitigate risks.


Schedule your audits to meet business needs with respect to relevance, degree of risk, process stability, prior issues, regulatory requirements, organizational realignment and infusion of new talent. An audit may be required, but you should take advantage of the flexibility you're offered.

Internal Audits

Provide your staff and management with a crash course in compliance, and sponsor and empower objective employees to test your operation ahead of time. Select your own auditors based on competency and integrity and ensure objectivity by both organization and relationship.

Have them check to make sure any noncompliance issues you uncover are resolved, and examine every requirement of your business—regulations, policies, processes, laws, standards and controls are all fair game. Then, identify nonconformance, opportunities for improvement and capture a description of how you've conformed to each.


Create a nonthreatening environment for both auditors and associates alike and talk with those handling your business ahead of time. Conduct mock interviews and record your observations and findings, while managing with respect to time and content. You should ask open-ended questions that help describe how employees are trained on consumer financial protection laws, how training is monitored to ensure expectations are met and how potential violations are identified.


Get a handle on how your audit will go and have a plan in place for the outcomes you expect. That means creating checks and balances for vulnerabilities and measuring key goals and strategic initiatives to monitor achievement and progress. Periodically examine your training records and conduct your own internal audit on your compliance management system.

A compliance audit is a serious matter with serious impact on your business. Take the time to ensure you're prepared—it will pay serious dividends down the line.

Originally published on Corporate Counsel. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Contributing Author

Dan Potts

Dan Potts, process appraisal and certifications director at Ontario Systems, is a certified CMMI lead appraiser, and has served clients in the commercial insurance, banking...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.